2008/9/11 Kyle Hamilton <[EMAIL PROTECTED]>
> If you're getting pronounced jitter on your client machines, I'd
> suggest two things:
>
> 1) install ntp clients on them, and
> 2) create your client certificates with a notBefore date of (now - 10m).
>

That's exactly what I did. In fact, I synchronize machines weekly, but I didn't expect the clock to work that badly... What was worse was that one clock goes faster, the other one slower, so it doubles the difference :)

>
> The concept of 'time' is that there is One True Time. The problem is
> that the One True Time is difficult to trust your client machines to
> have. (This is the same problem that Kerberos has, by the way.)
>
> -Kyle H
>

Thanks,
--
Silviu